$23 Million YouTube Royalties Scam

Scammers were able to convince YouTube that other peoples’ music was their own. They successfully stole $23 million before they were caught.

No one knows how common this scam is, and how much money total is being stolen in this way. Presumably this is not an uncommon fraud.

While the size of the heist and the breadth of the scheme may be very unique, it’s certainly a situation that many YouTube content creators have faced before. YouTube’s Content ID system, meant to help creators, has been weaponized by bad faith actors in order to make money off content that isn’t theirs. While some false claims are just mistakes caused by automated systems, the MediaMuv case is a perfect example of how fraudsters are also purposefully taking advantage of digital copyright rules…

Continue reading $23 Million YouTube Royalties Scam

How bad actors are utilizing the InterPlanetary File Systems (IPFS)

With the continued rise in adoption of cloud services, bad actors are utilizing the InterPlanetary File System (IPFS) as a new playing ground for phishing attacks. In fact, Trustwave SpiderLabs has found that in the past 90 days, more than 3,000 emails… Continue reading How bad actors are utilizing the InterPlanetary File Systems (IPFS)

LogoKit update: The phishing kit leveraging open redirect vulnerabilities

Resecurity identified threat actors leveraging open redirect vulnerabilities in online services and apps to bypass spam filters to ultimately deliver phishing content. Using highly trusted service domains like Snapchat and other online-services, they c… Continue reading LogoKit update: The phishing kit leveraging open redirect vulnerabilities

Phishing campaign targets Coinbase wallet holders to steal cryptocurrency in real-time

In this video for Help Net Security, Nick Ascoli, VP of Threat Research, PIXM, discusses a multilayered phishing campaign targeting cryptocurrency exchange Coinbase. Attackers are sending out spoofed Coinbase emails to harvest personal credentials and … Continue reading Phishing campaign targets Coinbase wallet holders to steal cryptocurrency in real-time

How to spot deep-faked candidates during interviews

The FBI recently issued a warning that malicious attackers are using deepfakes to apply for a variety of remote work positions via virtual interviews over the internet. These positions include IT, database, and developer positions with access to custom… Continue reading How to spot deep-faked candidates during interviews

The most impersonated brand in phishing attacks? Microsoft

Vade announced its H1 2022 Phishers’ Favorites report, a ranking of the top 25 most impersonated brands in phishing attacks. Microsoft came in at #1 on the list, followed by Facebook. Rounding out the top five are Crédit Agricole, WhatsApp, and Orange…. Continue reading The most impersonated brand in phishing attacks? Microsoft

Major shifts and the growing risk of identity fraud

Traditional identity fraud losses, caused by criminals illegally using victims’ information to steal money, exploded in 2021 to $24 billion — an alarming 79% increase over 2020, according to Javelin Strategy & Research. The number of adults in the… Continue reading Major shifts and the growing risk of identity fraud

How to identify and combat online fraud

As the popularity of Buy Now, Pay Later (BNPL) grows, organizations and consumers must remain vigilant or risk becoming a victim of fraud, as account takeover attacks – where cybercriminals take ownership of online accounts using stolen passwords and u… Continue reading How to identify and combat online fraud

The rise and continuing popularity of LinkedIn-themed phishing

Phishing emails impersonating LinkedIn continue to make the bulk of all brand phishing attempts; according to Check Point, 45% of all email phishing attempts in Q2 2022 imitated the style of communication of the professional social media platform, with… Continue reading The rise and continuing popularity of LinkedIn-themed phishing